> 3. Instead of using the bwrap package, build Flatpak with its vendored convenience copy
If someone takes this approach in newer Ubuntu branches where bwrap needs a special AppArmor profile to be allowed to do its job, please note that the vendored convenience copy gets installed as /usr/libexec/flatpak-bwrap rather than /usr/bin/bwrap, so AppArmor profiles might need adjusting. In the Flatpak team's PPA, so far we've only needed to do this for focal and older, which don't need a special AppArmor profile for bwrap, so this problem didn't arise. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077087 Title: CVE-2024-42472: Access to files outside sandbox for apps using persistent= (--persist) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/2077087/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs